CVE-2025-3284 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the WPEverest User Registration PRO – Custom Registration Form, Login Form, and User Profile WordPress plugin, affecting all versions up to and including 5.1.3. The vulnerability stems from missing or incorrect nonce validation in the user_registration_pro_delete_account() function, which is responsible for handling user account deletion requests. Nonce tokens are security mechanisms used in WordPress to verify that requests originate from legitimate users and not from malicious third-party sites. Due to the absence or improper implementation of nonce validation, an attacker can craft a malicious request that, when executed by an authenticated site administrator (e.g., by clicking a link), forces the deletion of user accounts, including administrator accounts. This attack vector requires no prior authentication by the attacker but does require user interaction from a privileged user, making it a CSRF attack. The vulnerability impacts the integrity of the system by allowing unauthorized deletion of user accounts but does not affect confidentiality or availability directly. The CVSS v3.1 base score is 4.3, indicating medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and no availability impact (A:N). No public exploits have been reported yet, but the vulnerability is recognized and enriched by CISA. The plugin is widely used in WordPress environments for user registration and profile management, making this vulnerability relevant to many websites globally.

The primary impact of CVE-2025-3284 is the unauthorized deletion of user accounts, including administrators, which compromises the integrity of affected WordPress sites. This can lead to loss of administrative control, disruption of site management, and potential denial of service for legitimate users if critical accounts are removed. Although confidentiality and availability are not directly impacted, the loss of administrative accounts can indirectly affect site availability and security posture. Organizations relying on this plugin for user management face risks of targeted attacks where adversaries trick administrators into executing malicious requests, potentially facilitating further attacks or site takeover. The vulnerability's exploitation requires user interaction but no attacker authentication, increasing the risk in environments with less security awareness. The absence of known exploits in the wild currently limits immediate widespread damage, but the medium severity rating and ease of exploitation via social engineering make timely mitigation essential. The impact is particularly significant for organizations with high-value WordPress sites, including e-commerce, membership platforms, and corporate websites.

To mitigate CVE-2025-3284, organizations should immediately update the WPEverest User Registration PRO plugin to a patched version once available. In the absence of an official patch, administrators can implement manual nonce validation in the user_registration_pro_delete_account() function to ensure that all account deletion requests include a valid nonce token. Additionally, administrators should enforce strict user interaction policies, such as avoiding clicking on untrusted links while logged into administrative accounts. Employing web application firewalls (WAFs) with custom rules to detect and block suspicious CSRF attempts targeting the deletion endpoint can provide additional protection. Regularly auditing user accounts and monitoring logs for unexpected deletions can help detect exploitation attempts early. Educating administrators about CSRF risks and encouraging the use of multi-factor authentication (MFA) reduces the likelihood of successful attacks. Finally, limiting administrative privileges to only necessary personnel and employing the principle of least privilege can minimize potential damage from compromised accounts.